--check for /apic/getSessionkeyByWw
--
--  #shujubao,ons,app-up
--  allow 121.199.183.85;
--  allow 59.42.24.0/22;
--  allow 114.215.252.24;
--  allow 120.27.154.72;
--

local iputils = require("resty.iputils")
local whitelist_ips = {
        "59.42.24.0/22",
	"121.199.183.85",
	"114.215.252.24",
	"120.27.154.72",
	"114.55.0.117",
	"39.98.95.196"
}

local headers = ngx.req.get_headers()
local client_ip = headers["X-FORWARDED-FOR"] or ngx.var.remote_addr or headers["X-REAL-IP"]

whitelist = iputils.parse_cidrs(whitelist_ips)
if not iputils.ip_in_cidrs(client_ip , whitelist) then
        return ngx.exit(ngx.HTTP_FORBIDDEN)
end
